IntroductionForcepoint ONE SSE Cloud SWG solution enables web traffic filtering when a SmartEdge agent cannot be deployed on the end user's machine, such as for Guest users or IoT devices or when the organization does not want to deploy an agent.
GRE OverviewGeneric Routing Encapsulation (GRE) is a tunneling protocol used to encapsulate and route data via a virtual point-to-point connection.
ThroughputFor Forcepoint ONE SSE Cloud SWG, Forcepoint allocates 0.1 megabits per second (Mbps) per licensed user per virtual datacenter.
AudienceDefines the audience of this document.
Configurations in Forcepoint ONE SSEThis section details the configurations required to setup GRE tunnel in Forcepoint ONE SSE.
Creating SitesA Site represents a corporate location from which traffic will originate. While creating a Site, you need to configure GRE tunnel through which traffic should be sent over to cloud and create or add subnets groups within the site.
Viewing TunnelsAfter creating tunnels, you can monitor the status of each tunnel under Analyze > Tunnels page.
Configurations on edge deviceThis section details the configurations you need to carry on Juniper SRX device using the details from the Analyze > Tunnels page in Forcepoint ONE SSE.
Abbreviations for configuration parametersAbbreviations are used for configuration parameters in the configuration examples. Replace the abbreviations with the appropriate addresses and values for your configuration.
Configurations on Juniper SRXDescribes how to configure GRE tunnels on Juniper SRX device.
Useful show commandsShow commands display information such as connection and operation statistics.
Example GRE configuration for Juniper SRXThis topic provides example GRE configurations that needs to done on Juniper SRX to route http and https traffic to Forcepoint ONE SSE via GRE tunnels.
TroubleshootingThe following table lists some problems that may be encountered in configuring and establishing your tunnel, with some suggested actions.
Verifying high availability failoverFor each site you add, it is important to ensure that the High Availability (HA) failover capability is provisioned and configured correctly such that failover happens successfully when required.